I would like to set all roles, except Admin and Configuration Management, to have view-only permission for several CI objects (e.g. CI.Computer). This is so that Admin and Configuration Management roles can add, delete or modify these CI objects but all other roles (e.g. SDA) have view only access.

Is there an easier way to achieve this rather than opening up each role one at a time in Configure > Roles and Permissions, then navigate to the CI objects in Object Permissions, unchecking Add, Edit and Delete options and saving the changes?

Not that I have found, you either set the permissions on the Object (forms, business rules etc.) or object permissions per role.

We typically will make a base role as close the the one required, clone it and tweak to the final result. For example to create a 2nd line resolver role we would clone the SDA role and make the required changes.

You could raise this as a feature request, if it is something your doing a lot.

Thanks for you response Alasdair. We have about 28 roles, some are OOTB roles and others we created. In order for me to make certain CI objects view only except for Admin and Configuration Management roles, I have to open each of the other roles and set them to have view only permission for those CI objects, which is why I trying to find out if there is a 'better way', like perhaps a quick action :-).